CVE-2016-9962

NameCVE-2016-9962
DescriptionRace condition in Docker Engine before 1.12.6 might allow local root users in a container to gain privileges by using ptrace to access file-descriptors of a process launched or moved into the container from another namespace, aka an "on-entry vulnerability."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)
Debian Bugs850951, 850952

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
docker.io (PTS)sid1.13.0~ds1-2vulnerable
runc (PTS)stretch0.1.1+dfsg1-2fixed
sid1.0.0~rc2+git20161109.131.5137186-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
docker.iosource(unstable)(unfixed)medium850952
runcsource(unstable)0.1.1+dfsg1-2medium850951

Notes

https://bugzilla.suse.com/show_bug.cgi?id=1012568
https://github.com/docker/docker/compare/v1.12.5...v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

Search for package or bug name: Reporting problems